diff options
| author | Luca Deri <deri@ntop.org> | 2018-05-10 23:46:35 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2018-05-10 23:46:35 +0200 |
| commit | 50216991bd41f0cdfea599a76ace08ebd00501d3 (patch) | |
| tree | 6e7ba56f8f8b093f61577d2f61af5542748ecff9 | |
| parent | 3707553906027000fd189f93d131b68f8d886d54 (diff) | |
Improved hyperscan support and category definition
| -rw-r--r-- | configure.seed | 17 | ||||
| -rw-r--r-- | example/ndpiReader.c | 6 | ||||
| -rw-r--r-- | example/ndpi_util.c | 38 | ||||
| -rw-r--r-- | example/ndpi_util.h | 2 | ||||
| -rw-r--r-- | src/include/ndpi_api.h | 6 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 14 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 279 |
7 files changed, 284 insertions, 78 deletions
diff --git a/configure.seed b/configure.seed index a8ef98f71..a94f891d1 100644 --- a/configure.seed +++ b/configure.seed @@ -54,14 +54,19 @@ fi HS_LIB= HS_INC= -AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable Intel Hyperscan (if available)]) - -if test "${with_hyperscan}" == "yes"; then : - AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present])) - HS_INC=`pkg-config --cflags libhs` - HS_LIB=`pkg-config --libs libhs` +BKP=$LIBS +LIBS="$LIBS -lstdc++ -lm" +AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present])) +LIBS=$BKP + +if test "x$ac_cv_lib_hs_hs_compile_multi" = xyes; then : +AC_CHECK_LIB([m], [pow]) +AC_CHECK_LIB([stdc++], [main]) fi +HS_INC=`pkg-config --cflags libhs` +HS_LIB=`pkg-config --libs libhs` + if test -f $PCAP_HOME/libpcap/libpcap.a; then : echo "Using libpcap from $PCAP_HOME" PCAP_INC="-I $PCAP_HOME/libpcap" diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 3069adf8e..8560b0910 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -755,11 +755,17 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa flow->detected_protocol.master_protocol, flow->detected_protocol.app_protocol, ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol, buf, sizeof(buf))); + + if(flow->detected_protocol.category != 0) + fprintf(out, "[cat: %u]", flow->detected_protocol.category); } else fprintf(out, "[proto: %u/%s]", flow->detected_protocol.app_protocol, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); + if(flow->detected_protocol.category != 0) + fprintf(out, "[cat: %u]", flow->detected_protocol.category); + fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes); fprintf(out, "%s %u pkts/%llu bytes]", (flow->dst2src_packets > 0) ? "<->" : "->", diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 3df16c6a4..d83f1fdca 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -170,9 +170,9 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); /* TODO: just needed here to init ndpi malloc wrapper */ struct ndpi_detection_module_struct * module = ndpi_init_detection_module(); - + struct ndpi_workflow * workflow = ndpi_calloc(1, sizeof(struct ndpi_workflow)); - + workflow->pcap_handle = pcap_handle; workflow->prefs = *prefs; workflow->ndpi_struct = module; @@ -188,15 +188,15 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref exit(-1); _debug_protocols_ok = 1; } - + #ifdef NDPI_ENABLE_DEBUG_MESSAGES NDPI_BITMASK_RESET(module->debug_bitmask); if(_debug_protocols_ok) module->debug_bitmask = debug_bitmask; #endif - + workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *)); - + return workflow; } @@ -453,7 +453,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } else { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)ret; - if (is_changed) { + if(is_changed) { if(flow->src_ip == iph->saddr && flow->dst_ip == iph->daddr && flow->src_port == htons(*sport) @@ -510,16 +510,15 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo sizeof(struct ndpi_ipv6hdr), ntohs(iph6->ip6_hdr.ip6_un1_plen), tcph, udph, sport, dport, - src, dst, proto, payload, payload_len, src_to_dst_direction)); + src, dst, proto, payload, + payload_len, src_to_dst_direction)); } /* ****************************************************** */ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { if(!flow->ndpi_flow) return; - - /* printf("CATEGORY %u\n", flow->detected_protocol.category); */ - + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); @@ -528,7 +527,9 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl int i, j, n = 0; for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { - sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->protos.bittorrent.hash[i]); + sprintf(&flow->bittorent_hash[j], "%02x", + flow->ndpi_flow->protos.bittorrent.hash[i]); + j += 2, n += flow->ndpi_flow->protos.bittorrent.hash[i]; } @@ -562,10 +563,10 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(flow->detection_completed && !flow->check_extra_packets) { if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - if (workflow->__flow_giveup_callback != NULL) + if(workflow->__flow_giveup_callback != NULL) workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); } else { - if (workflow->__flow_detected_callback != NULL) + if(workflow->__flow_detected_callback != NULL) workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); } @@ -641,17 +642,17 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_process_extra_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, ipsize, time, src, dst); - if (ndpi_flow->check_extra_packets == 0) { + if(ndpi_flow->check_extra_packets == 0) { flow->check_extra_packets = 0; process_ndpi_collected_info(workflow, flow); } } - } else if (ndpi_flow != NULL) { + } else if(ndpi_flow != NULL) { /* If this wasn't NULL we should do the half free */ /* TODO: When half_free is deprecated, get rid of this */ ndpi_free_flow_info_half(flow); } - + return(flow->detected_protocol); } @@ -666,7 +667,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, /* New protocol detected or give up */ flow->detection_completed = 1; /* Check if we should keep checking extra packets */ - if (ndpi_flow->check_extra_packets) + if(ndpi_flow->check_extra_packets) flow->check_extra_packets = 1; if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) @@ -780,7 +781,7 @@ datalink_check: if(check <= 1500) pyld_eth_len = check; - else if (check >= 1536) + else if(check >= 1536) type = check; if(pyld_eth_len != 0) { @@ -1069,4 +1070,3 @@ u_int32_t ethernet_crc32(const void* data, size_t n_bytes) { __crc32(data, n_bytes, &crc); return crc; } - diff --git a/example/ndpi_util.h b/example/ndpi_util.h index bace03cee..a6adb88c1 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -77,7 +77,7 @@ typedef struct ndpi_flow_info { char info[96]; char host_server_name[256]; char bittorent_hash[41]; - + struct { char client_info[48], server_info[48]; } ssh_ssl; diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 2cf5d3436..9b75d7bd4 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -751,9 +751,9 @@ extern "C" { void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, char *ip_address_and_mask, ndpi_protocol_category_t category); - void ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, - char *name, ndpi_protocol_category_t category); - void ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct); + int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, + char *name, ndpi_protocol_category_t category); + int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct); /** * Add a string to match to an automata diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 99531356d..af444e410 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -828,6 +828,14 @@ typedef struct ndpi_proto { #define NUM_CUSTOM_CATEGORIES 5 #define CUSTOM_CATEGORY_LABEL_LEN 32 +#ifdef HAVE_HYPERSCAN +struct hs_list { + char *expression; + unsigned int id; + struct hs_list *next; +}; +#endif + struct ndpi_detection_module_struct { NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask; @@ -886,7 +894,13 @@ struct ndpi_detection_module_struct { bigrams_automa, impossible_bigrams_automa; /* TOR */ struct { +#ifdef HAVE_HYPERSCAN + struct hs *hostnames; + unsigned int num_to_load; + struct hs_list *to_load; +#else ndpi_automa hostnames, hostnames_shadow; +#endif void *ipAddresses, *ipAddresses_shadow; /* Patricia */ } custom_categories; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d7c3467ca..ff2f81735 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -745,12 +745,36 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, #ifdef HAVE_HYPERSCAN +static int hyperscan_load_patterns(struct hs *hs, u_int num_patterns, + const char **expressions, unsigned int *ids) { + hs_compile_error_t *compile_err; + + if(hs_compile_multi(expressions, NULL, ids, + num_patterns, HS_MODE_BLOCK, NULL, + &hs->database, &compile_err) != HS_SUCCESS) { + NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); + hs_free_compile_error(compile_err); + return -1; + } + + hs->scratch = NULL; + if(hs_alloc_scratch(hs->database, &hs->scratch) != HS_SUCCESS) { + NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); + hs_free_database(hs->database); + return -1; + } + + return 0; +} + +/* ******************************************************************** */ + static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { u_int num_patterns = 0, i; const char **expressions; unsigned int *ids; - hs_compile_error_t *compile_err; struct hs *hs; + int rc; ndpi_mod->hyperscan = (void*)malloc(sizeof(struct hs)); if(!ndpi_mod->hyperscan) return(-1); @@ -780,32 +804,26 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { } } - if(hs_compile_multi(expressions, NULL, ids, - num_patterns, HS_MODE_BLOCK, NULL, - &hs->database, &compile_err) != HS_SUCCESS) { - NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); - hs_free_compile_error(compile_err); - return -1; - } + rc = hyperscan_load_patterns(hs, num_patterns, expressions, ids); + free(expressions), free(ids); - if(hs_alloc_scratch(hs->database, &hs->scratch) != HS_SUCCESS) { - NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); - hs_free_database(hs->database); - return -1; - } + return(rc); +} - return 0; +/* ******************************************************************** */ + +static void free_hyperscan_memory(struct hs *h) { + if(h) { + hs_free_scratch(h->scratch); + hs_free_database(h->database); + } } /* ******************************************************************** */ static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - if(ndpi_mod->hyperscan) { - struct hs *hs = (struct hs*)ndpi_mod->hyperscan; - - hs_free_scratch(hs->scratch); - hs_free_database(hs->database); - } + if(ndpi_mod->hyperscan) + free_hyperscan_memory((struct hs*)ndpi_mod->hyperscan); } #endif @@ -1946,12 +1964,12 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp if(atoi(ptr)>=0 && atoi(ptr)<=32) bits = atoi(ptr); } - + inet_pton(AF_INET, value, &pin); - + if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, bits)) != NULL) node->value.user_value = protocol_id; - + return 0; } @@ -2048,15 +2066,21 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { ndpi_str->bigrams_automa.ac_automa = ac_automata_init(ac_match_handler); ndpi_str->impossible_bigrams_automa.ac_automa = ac_automata_init(ac_match_handler); +#ifdef HAVE_HYPERSCAN + ndpi_str->custom_categories.num_to_load = 0, ndpi_str->custom_categories.to_load = NULL; + ndpi_str->custom_categories.hostnames = NULL; +#else ndpi_str->custom_categories.hostnames.ac_automa = ac_automata_init(ac_match_handler); ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); +#endif + ndpi_str->custom_categories.ipAddresses = ndpi_New_Patricia(32 /* IPv4 */); ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */); if((ndpi_str->custom_categories.ipAddresses == NULL) || (ndpi_str->custom_categories.ipAddresses_shadow == NULL)) return(NULL); - + ndpi_init_protocol_defaults(ndpi_str); for(i=0; i<NUM_CUSTOM_CATEGORIES; i++) @@ -2132,6 +2156,54 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id /* *********************************************** */ +#ifdef HAVE_HYPERSCAN + +static int hyperscanCustomEventHandler(unsigned int id, + unsigned long long from, + unsigned long long to, + unsigned int flags, void *ctx) { + *((unsigned long *)ctx) = (unsigned long)id; + +#ifdef DEBUG + printf("[HS] Found category %u\n", id); +#endif + + return HS_SCAN_TERMINATED; +} +#endif + +/* *********************************************** */ + +static int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct, + char *name, unsigned long *id) { +#ifdef HAVE_HYPERSCAN + if(ndpi_struct->custom_categories.hostnames == NULL) + return(-1); + else { + hs_error_t rc; + + *id = (unsigned long)-1; + + rc = hs_scan(ndpi_struct->custom_categories.hostnames->database, + name, strlen(name), 0, + ndpi_struct->custom_categories.hostnames->scratch, + hyperscanCustomEventHandler, id); + + if(rc == HS_SCAN_TERMINATED) { +#ifdef DEBUG + printf("[HS] Found category %lu for %s\n", *id, name); +#endif + return(0); + } else + return(-1); + } +#else + return(ndpi_match_string_id(ndpi_struct->custom_categories.hostnames.ac_automa, name, id)); +#endif +} + +/* *********************************************** */ + static void free_ptree_data(void *data) { ; } /* ****************************************************** */ @@ -2172,20 +2244,30 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct #ifdef HAVE_HYPERSCAN destroy_hyperscan(ndpi_struct); -#endif + while(ndpi_struct->custom_categories.to_load != NULL) { + struct hs_list *next = ndpi_struct->custom_categories.to_load->next; + + free(ndpi_struct->custom_categories.to_load->expression); + free(ndpi_struct->custom_categories.to_load); + ndpi_struct->custom_categories.to_load = next; + } + + free_hyperscan_memory(ndpi_struct->custom_categories.hostnames); +#else if(ndpi_struct->custom_categories.hostnames.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames.ac_automa); if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames_shadow.ac_automa); +#endif if(ndpi_struct->custom_categories.ipAddresses != NULL) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses, free_ptree_data); - + if(ndpi_struct->custom_categories.ipAddresses_shadow != NULL) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses_shadow, free_ptree_data); - + ndpi_free(ndpi_struct); } } @@ -3754,9 +3836,9 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, if (atoi(ptr)>=0 && atoi(ptr)<=32) bits = atoi(ptr); } - + inet_pton(AF_INET, ip_address_and_mask, &pin); - + if((node = add_to_ptree(ndpi_struct->custom_categories.ipAddresses_shadow, AF_INET, &pin, bits)) != NULL) node->value.user_value = (int)category; @@ -3764,38 +3846,135 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -void ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, char *name, ndpi_protocol_category_t category) { AC_PATTERN_t ac_pattern; - if(name == NULL) return; + if(name == NULL) + return(-1); /* printf("===> Loading %s as %u\n", name, category); */ - - if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa == NULL) return; + +#ifdef HAVE_HYPERSCAN + { + struct hs_list *h = (struct hs_list*)malloc(sizeof(struct hs_list)); + + if(h) { + char tmp[256]; + int i, j; + + for(i=0, j=0; (j<sizeof(tmp)) && (name[i] != '\0'); i++) { + if(name[i] == '.') + tmp[j++] = '\\'; + + tmp[j++] = name[i]; + } + + tmp[j] = '\0'; + + h->expression = strdup(name), h->id = (unsigned int)category; + if(h->expression == NULL) { + free(h); + return(-2); + } + + h->next = ndpi_struct->custom_categories.to_load; + ndpi_struct->custom_categories.to_load = h; + ndpi_struct->custom_categories.num_to_load++; + } else + return(-1); + } +#else + if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa == NULL) + return(-1); + ac_pattern.astring = name, ac_pattern.length = strlen(ac_pattern.astring); ac_pattern.rep.number = (int)category; - + ac_automata_add(ndpi_struct->custom_categories.hostnames_shadow.ac_automa, &ac_pattern); +#endif + + return(0); } /* ********************************************************************************* */ -void ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct) { +int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) { +#ifdef HAVE_HYPERSCAN + if(ndpi_str->custom_categories.num_to_load > 0) { + const char **expressions; + unsigned int *ids, i; + int rc; + struct hs_list *head = ndpi_str->custom_categories.to_load; + + expressions = (const char**)calloc(sizeof(char*), + ndpi_str->custom_categories.num_to_load+1); + if(!expressions) return(-1); + + ids = (unsigned int*)calloc(sizeof(unsigned int), + ndpi_str->custom_categories.num_to_load+1); + if(!ids) { + free(expressions); + return(-1); + } + + for(i=0; head != NULL; i++) { +#ifdef DEBUG + printf("[HS] Loading category %u for %s\n", head->id, head->expression); +#endif + expressions[i] = head->expression, ids[i] = head->id; + head = head->next; + } + + free_hyperscan_memory(ndpi_str->custom_categories.hostnames); + ndpi_str->custom_categories.hostnames = (struct hs*)malloc(sizeof(struct hs)); + + if(ndpi_str->custom_categories.hostnames == NULL) { + free(expressions), free(ids); + return(-1); /* Failed */ + } + + rc = hyperscan_load_patterns(ndpi_str->custom_categories.hostnames, + ndpi_str->custom_categories.num_to_load, + expressions, ids); + free(expressions), free(ids); + + head = ndpi_str->custom_categories.to_load; + while(head != NULL) { + struct hs_list *next = head->next; + + free(head->expression); + free(head); + + head = next; + } + + ndpi_str->custom_categories.to_load = NULL; + + if(rc < 0) { + free(ndpi_str->custom_categories.hostnames); + ndpi_str->custom_categories.hostnames = NULL; + ndpi_str->custom_categories.hostnames = NULL; + } + } +#else /* Free */ - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames.ac_automa); - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses, free_ptree_data); + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames.ac_automa); + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, free_ptree_data); /* Finalize */ - ac_automata_finalize((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames_shadow.ac_automa); - + ac_automata_finalize((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames_shadow.ac_automa); + /* Swap */ - ndpi_struct->custom_categories.hostnames.ac_automa = ndpi_struct->custom_categories.hostnames_shadow.ac_automa; - ndpi_struct->custom_categories.ipAddresses = ndpi_struct->custom_categories.ipAddresses_shadow; + ndpi_str->custom_categories.hostnames.ac_automa = ndpi_str->custom_categories.hostnames_shadow.ac_automa; + ndpi_str->custom_categories.ipAddresses = ndpi_str->custom_categories.ipAddresses_shadow; /* Realloc */ - ndpi_struct->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); - ndpi_struct->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */); + ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); + ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */); +#endif + + return(0); } /* ********************************************************************************* */ @@ -3806,18 +3985,18 @@ static void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndp if(flow->packet.iph) { prefix_t prefix; patricia_node_t *node; - + /* Make sure all in network byte order otherwise compares wont work */ fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->saddr, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); - + if(!node) { fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->daddr, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); } - + if(node) { ret->category = (ndpi_protocol_category_t)node->value.user_value; return; @@ -3826,7 +4005,7 @@ static void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndp if(flow->host_server_name[0] != '\0') { unsigned long id; - int rc = ndpi_match_string_id(ndpi_struct->custom_categories.hostnames.ac_automa, (char *)flow->host_server_name, &id); + int rc =ndpi_match_custom_category(ndpi_struct, (char *)flow->host_server_name, &id); if(rc == 0) { ret->category = (ndpi_protocol_category_t)id; @@ -3836,7 +4015,7 @@ static void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndp if(flow->protos.ssl.server_certificate[0] != '\0') { unsigned long id; - int rc = ndpi_match_string_id(ndpi_struct->custom_categories.hostnames.ac_automa, (char *)flow->protos.ssl.server_certificate, &id); + int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.ssl.server_certificate, &id); if(rc == 0) { ret->category = (ndpi_protocol_category_t)id; @@ -5292,11 +5471,13 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str /* ******************************************************************** */ static int hyperscanEventHandler(unsigned int id, unsigned long long from, - unsigned long long to, unsigned int flags, void *ctx) { + unsigned long long to, unsigned int flags, void *ctx) { *((int *)ctx) = (int)id; return HS_SCAN_TERMINATED; } +/* *********************************************** */ + static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, |